NSO continues its outreach to U.S. officials, including Secretary of State Antony Blinken
On November 10, The Intercept reported that NSO Group is demanding an urgent meeting with U.S. Secretary of State Antony Blinken. Days earlier, Timothy Dickinson – a partner with the Los Angeles-based law firm Paul Hastings which represents NSO Group – sent an email and a letter to State Department officials, saying he wants “to reaffirm the importance of NSO’s technology” and discuss “the importance of cyber intelligence technology in the wake of the grave security threats posed by the recent Hamas terrorist attacks in Israel and their aftermath.”
Dickinson, unsurprisingly, argues that “NSO’s technology is supporting the current global fight against terrorism in any and all forms.” There is no mention of the hundreds of cases of abuse of the company’s Pegasus spyware, though Dickinson touts the company’s “comprehensive, industry-leading human rights compliance program. In June 2021, NSO Group published its “first annual transparency and responsibility report” – it appears to be the only one to date. (A month later, the company published a laughable response to the Pegasus Project, a large-scale investigation into abuse of the Pegasus spyware, saying enough is enough.)
In November 2021, the U.S. Commerce Department blacklisted NSO Group by adding it to the Entity List. Companies on this list are not completely prohibited from doing business in the U.S., but the designation makes it more difficult to do. The move came four years after Citizen Lab first reported that Stephanie Brewer, an American lawyer in Mexico, had been targeted with the company’s Pegasus spyware.
The Commerce Department’s list was further enhanced with the addition of Intellexa and Cytrox this summer. The two companies are known for developing and selling Predator, sophisticated spyware which, like Pegasus, has been used against journalists and politicians around the world. In March, The New York Times reported that Predator had been used to target Artemis Seaford, a dual U.S.-Greek national working for Meta at the time of the attack.
In December 2021, at the first Summit for Democracy, the United States, Australia, Denmark and Norway announced the Export Controls and Human Rights Initiative to counter misuse of technology that violates human rights. In a joint statement, the countries committed to “establish a voluntary, nonbinding written code of conduct around which like-minded states could politically pledge to use export control tools to prevent the proliferation of software and other technologies used to enable serious human rights abuses.”
The first version of the code of conduct was released in March, endorsed by more than twenty governments. (As I noted in June, this includes North Macedonia – home to Cytrox and the Predator spyware.) At the same time, President Biden signed an Executive Order restricting American government use of commercial spyware that could pose national security risks or be misused to imperil human rights globally.
Last week, Eileen C. Donaho, the State Department's Special Envoy and Coordinator for Digital Freedom in the Bureau of Cyberspace and Digital Policy, participated in an event at the Paris Peace Forum titled “Unpacking the Cyber Mercenaries' Phenomenon." On X, the department said Donaho “laid out the 🇺🇸’s unprecedented, government-wide effort to counter the misuse and proliferation of commercial spyware.”
Ever since the first Summit for Democracy, lawyers for NSO Group have argued – to lawmakers in both the U.S. and the U.K. – that the company “has much to contribute to policy discussions.”
When Politico asked me if it’s morally dubious or wrong for NSO to be leveraging the war to ask the U.S. for sanctions relief, I said the company “will use every chance it gets to lobby” and “it should come as no surprise that the company is now leveraging the war for this purpose.”
In response to my comment, an unnamed person “working with NSO Group” said it was “frankly offensive.” But what’s offensive is the company’s continued collaboration with authorities which repeatedly abuse Pegasus to target civil society – individuals who have no recourse and little to no ability to defend themselves.
NSO likes to think of itself as an upstanding surveillance vendor, but has shown no desire to reckon with the harms it has caused since at least since 2014. A senior administration official told Politico that “revelations of misuse, specifically of NSO group software, have … continued unabated” since the Executive Order. At this rate, it’s looking like the company will remain on the government’s naughty list for quite some time.